Celebrating people who bring the Internet to life

APNIC Partners On Experiment to Improve DNS

May 4, 2018

An experiment is underway to better understand the security protocols protecting commonly used domain namesystem servers.

In partnership with the Asia Pacific Network Information Centre, Cloudflare launched new speed and privacy enhancing domain name system servers in April as part of an experiment to root out distributed denial of service attacks.

The Cloudflare-APNIC experiment uses two IPv4 address ranges, 1.1.1/24 and 1.0.0/24, which were originally configured as dark traffic ranges and have since been reserved for research use. Cloudflare's new DNS uses two addresses within those ranges, 1.1.1.1 and 1.0.0.1.

Since its launch, multiple operational systems have been outed for breaching internet routing standards, including those used by Vodafone and Fortinet VPN.

In a blog post, Geoff Huston, an Internet Hall of Fame inductee and APNIC’s chief scientist, said the experiment should yield additional insights into how DNS works, particularly with respect to security and user privacy.

"We are now critically reliant on the integrity of the DNS, yet the details of the way it operates still remains largely opaque," he wrote.

"We are aware that the DNS has been used to generate malicious denial of service attacks, and we are keen to understand if there are simple and widely deployable measures that can be taken to mitigate such attacks."